Skip to content

ci: pin action dependencies and align Go version matrix #33

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Mutasem-mk4 merged 1 commit into from
May 20, 2026
Merged

ci: pin action dependencies and align Go version matrix #33

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 19 additions & 19 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,16 +14,16 @@ jobs:
name: Generate eBPF Object
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6 # v4.2.2
- uses: actions/setup-go@v6 # v5.3.0
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: '1.26.2'
- name: Install toolchain
run: sudo apt-get update && sudo apt-get install -y clang llvm libbpf-dev
- name: Generate BPF
run: make generate
- name: Upload BPF object
uses: actions/upload-artifact@v7 # v4.6.1
uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
with:
name: procscope-bpf-object
path: internal/tracer/procscope_bpfel.o
Expand All @@ -35,14 +35,14 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
go-version: ['1.25', '1.26.2']
go-version: ['1.26.2']
steps:
- uses: actions/checkout@v6 # v4.2.2
- uses: actions/setup-go@v6 # v5.3.0
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: ${{ matrix.go-version }}
- name: Download BPF object
uses: actions/download-artifact@v8 # v4.1.9
uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9
with:
name: procscope-bpf-object
path: internal/tracer
Expand All @@ -65,12 +65,12 @@ jobs:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6 # v4.2.2
- uses: actions/setup-go@v6 # v5.3.0
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: '1.26.2'
- name: golangci-lint
uses: golangci/golangci-lint-action@v9 # v6.1.1
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
continue-on-error: true
with:
version: v1.64.5
Expand All @@ -79,8 +79,8 @@ jobs:
name: Vulnerability Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6 # v4.2.2
- uses: actions/setup-go@v6 # v5.3.0
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: '1.26.2'
- name: Install govulncheck
Expand All @@ -93,12 +93,12 @@ jobs:
needs: generate-bpf
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6 # v4.2.2
- uses: actions/setup-go@v6 # v5.3.0
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: '1.26.2'
- name: Download BPF object
uses: actions/download-artifact@v8 # v4.1.9
uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9
with:
name: procscope-bpf-object
path: internal/tracer
Expand All @@ -113,7 +113,7 @@ jobs:
- name: Lint Debian Package
run: lintian ./procscope_*.deb || true
- name: Upload Debian Package
uses: actions/upload-artifact@v7 # v4.6.1
uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
with:
name: procscope-deb
path: ./procscope_*.deb
Expand All @@ -127,9 +127,9 @@ jobs:
steps:
- name: Install dependencies
run: pacman -Syu --noconfirm git go nodejs
- uses: actions/checkout@v6 # v4.2.2
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Download BPF object
uses: actions/download-artifact@v8 # v4.1.9
uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9
with:
name: procscope-bpf-object
path: internal/tracer
Expand All @@ -139,7 +139,7 @@ jobs:
chown -R builduser:builduser .
su builduser -c "cd arch && makepkg -sf"
- name: Upload Arch Package
uses: actions/upload-artifact@v7 # v4.6.1
uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
with:
name: procscope-pkg-tar-zst
path: arch/*.pkg.tar.zst
4 changes: 2 additions & 2 deletions .github/workflows/growth-automation.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,11 +16,11 @@ jobs:
contents: write
issues: write
steps:
- uses: actions/checkout@v6 # v4.2.2
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0

- uses: actions/setup-python@v6 # v5.5.0
- uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
with:
python-version: '3.11'

Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/packaging-quality.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ jobs:
- name: Install deps
run: pacman -Syu --noconfirm git go nodejs namcap

- uses: actions/checkout@v6 # v4.2.2
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Validate .SRCINFO is in sync
run: |
Expand All @@ -50,7 +50,7 @@ jobs:
name: Debian metadata validation
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6 # v4.2.2
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Install packaging tools
run: |
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/release-preflight.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,11 +19,11 @@ jobs:
name: Validate release packaging consistency
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6 # v4.2.2
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0

- uses: actions/setup-python@v6 # v5.5.0
- uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
with:
python-version: '3.11'

Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,15 +15,15 @@ jobs:
permissions:
contents: write
steps:
- uses: actions/checkout@v6 # v4.2.2
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0

- uses: actions/setup-go@v6 # v5.3.0
- uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: '1.26.2'

- uses: actions/setup-python@v6 # v5.5.0
- uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
with:
python-version: '3.11'

Expand All @@ -32,7 +32,7 @@ jobs:
python scripts/release_preflight.py --tag "${GITHUB_REF_NAME}"

- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v7 # v6.4.0
uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0
with:
version: '~> v2'
args: release --clean
Expand Down
18 changes: 9 additions & 9 deletions .github/workflows/security-suite.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,13 +26,13 @@ jobs:
matrix:
language: ['go']
steps:
- uses: actions/checkout@v6 # v4.2.2
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Go
uses: actions/setup-go@v6 # v5.3.0
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: '1.26.2'
- name: Initialize CodeQL
uses: github/codeql-action/init@v4 # v3.28.10
uses: github/codeql-action/init@a65a038433a26f4363cf9f029e3b9ceac831ad5d # v3.28.10
with:
languages: ${{ matrix.language }}
- name: Install toolchain
Expand All @@ -42,7 +42,7 @@ jobs:
- name: Build
run: make build
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4 # v3.28.10
uses: github/codeql-action/analyze@a65a038433a26f4363cf9f029e3b9ceac831ad5d # v3.28.10

dependency-review:
name: Dependency Review
Expand All @@ -52,8 +52,8 @@ jobs:
contents: read
pull-requests: write
steps:
- uses: actions/checkout@v6 # v4.2.2
- uses: actions/dependency-review-action@v4 # v4.9.1
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0

scorecard:
name: OpenSSF Scorecard
Expand All @@ -65,16 +65,16 @@ jobs:
contents: read
actions: read
steps:
- uses: actions/checkout@v6 # v4.2.2
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Run analysis
uses: ossf/scorecard-action@v2.4.3 # v2.4.3
uses: ossf/scorecard-action@99c09fe975337306107572b4fdf4db224cf8e2f2 # v2.4.3
with:
results_file: results.sarif
results_format: sarif
publish_results: true
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v4 # v3.28.10
uses: github/codeql-action/upload-sarif@a65a038433a26f4363cf9f029e3b9ceac831ad5d # v3.28.10
with:
sarif_file: results.sarif
3 changes: 3 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,9 @@ Trace malware behavior, investigate suspicious binaries, and audit container wor
<!-- Quality & Security -->
<img src="https://img.shields.io/github/actions/workflow/status/Mutasem-mk4/procscope/ci.yml?style=flat-square&label=CI" alt="CI Status">
<img src="https://img.shields.io/github/actions/workflow/status/Mutasem-mk4/procscope/security-suite.yml?style=flat-square&label=security" alt="Security Suite Status">
<a href="https://securityscorecards.dev/viewer/?uri=github.com/Mutasem-mk4/procscope">
<img src="https://img.shields.io/ossf/scorecard/github.com/Mutasem-mk4/procscope?label=openssf%20scorecard&style=flat-square" alt="OpenSSF Scorecard">
</a>
<img src="https://img.shields.io/github/license/Mutasem-mk4/procscope?style=flat-square&color=000000" alt="License">
<img src="https://img.shields.io/github/stars/Mutasem-mk4/procscope?style=flat-square&color=F9A825" alt="GitHub Stars">
<br>
Expand Down
Loading